Description
In the course of the digitization in healthcare, the collection and central storage of large health-related datasets in clouds in the form of personal health records is growing. However, the use of cloud services for sensitive data is associated with security and privacy risks. Further, the delegation of control over security and privacy measures to the cloud provider requires trust on the users’ side. In order to investigate the role of security and privacy when storing and processing patient data, we conducted an online experiment, in which third-party cloud services are compared to private on-premise data centers. Additionally, we examine the impact of data breaches on the perceived security, privacy, control and trust in both storage scenarios. Our results indicate that cloud-based personal health records still face concerns regarding perceived security, privacy, control and trust amongst end-users. Nevertheless, after a data breach, no significant differences between both solutions exist.
Security and Privacy of Personal Health Records in Cloud Computing Environments – An Experimental Exploration of the Impact of Storage Solutions and Data Breaches
In the course of the digitization in healthcare, the collection and central storage of large health-related datasets in clouds in the form of personal health records is growing. However, the use of cloud services for sensitive data is associated with security and privacy risks. Further, the delegation of control over security and privacy measures to the cloud provider requires trust on the users’ side. In order to investigate the role of security and privacy when storing and processing patient data, we conducted an online experiment, in which third-party cloud services are compared to private on-premise data centers. Additionally, we examine the impact of data breaches on the perceived security, privacy, control and trust in both storage scenarios. Our results indicate that cloud-based personal health records still face concerns regarding perceived security, privacy, control and trust amongst end-users. Nevertheless, after a data breach, no significant differences between both solutions exist.